ocserv 0.10.3

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun May 24 02:39:22 PDT 2015


Hello,
  I've just released ocserv 0.10.5. This is a bug fix release which 
resolves all known issues in the 0.10.x branch.

* Version 0.10.5 (released 2015-05-24)
- Added tgt-freshness-time option for gssapi/Kerberos authentication
  option. That allows to specify the maximum number of seconds after
  which a reauthentication with Kerberos is required to login to VPN.
- main/sec-mod: impose long timeouts on reads from sec-mod. That would
  prevent issues when reading in a blocked in authentication sec-mod.
- radius: When using radius accounting with certificate authentication,
  properly notify of user session termination.
- radius: On definitely terminated sessions contact the radius server as
  soon as possible. For sessions that can still be resumed the radius
  server is contacted periodically after the cookies expire.
- radius: consider Acct-Interim-Interval when seen by the server.
  That can be overriden using override-interim-updates in radius subconfig.
- Added configuration options 'persistent-cookies' and 'session-timeout'.
- radius: added support for Route-IPv6-Information, Delegated-IPv6-Prefix,
  NAS-IPv6-Address, NAS-IP-Address, Session-Timeout.
- Corrected desync of main and sec-mod by introducing a synchronous
  communication socket. Reported by Mani Behrouz.
- PAM: forward the actual prompt to worker process, and not only informational
  messages.


The current release is available at:
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.5.tar.xz
ftp://ftp.infradead.org/pub/ocserv/ocserv-0.10.5.tar.xz.sig

The VPN server's web-site is at:
http://www.infradead.org/ocserv

regards,
Nikos





More information about the openconnect-devel mailing list